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DETAILED ACTION 

1. Applicant's amendment filed on Jan. 05, 2009 has been entered. Claims 1-20 
are pending. Claims 1, 9 are amended and Claims 17-20 are newly added by the 
applicant. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claims 1-4, 17 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. 

Claim 1 recites "A digital certificate recorded on a computer readable medium, 
comprising: a distinguished name (DN) field; and a common name (CN) field within the 
DN field, containing a resource identifier, wherein the resource identifier contains 
information identifying each of a plurality of certificate-issuing resources in the 
certification path of the digital certificate". Claim 1 recites limitation that is merely 
arrangement of data and therefore the arrangement of data is nonfunctional descriptive 
material per se. When nonfunctional descriptive material is recorded on some 
computer-readable medium, it is not statutory since no requisite functionality is present 
to satisfy the practical application requirement. See MPEP § 2106.01. Therefore, claim 
1 recites non-statutory subject matter. 
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Claims 2-4, 17 depend on claim 1, therefore they are rejected with the same 
rationale applied against claim 1 above. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Benantar et al (US Pub. No. 2003/0065920) and in view of Perlman (US Pub. No. 
2002/0147905). 

As per claim 1 . Benantar teaches: 

A digital certificate [Fig. 5, 500], comprising: a distinguished name (DN) field 
[Fig. 5, 506]; and a common name (CN) field within the DN field [paragraph 0032, 
lines 18-28 "The distinguished name (DN) of a subject or issuer is formed by 
concatenating a series of relative distinguished name (RDNs) corresponding to 
nodes in a tree known as a directory information tree (DIT). Thus, the 
distinguished name CN=John Doe, OU=Research, 0=Widgets.com, C=US is the 
concatenation (beginning from the root of the tree) of the RDNs C=US, 
0=Widgets.com, OU=Research and CN=John Doe, where C signifies country, O 
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signifies organization, OU signifies organizational unit, and CN signifies common 
name", Fig. 5]. Benantar teaches the common name field within the distinguished 
name field, containing a resource identifier (e.g. identifying information) identifying each 
of a plurality of resources in a tree [paragraph 0032 lines 18-22, "The distinguished 
name (DN) of a subject or issuer is formed by concatenating a series of relative 
distinguished name (RDNs) corresponding to nodes in a tree known as a 
directory information tree (DIT)]. Benantar doesn't explicitly mention identifying each 
of a plurality of certificate-issuing resources in the certification path of the digital 
certificate. 

However, Perlman teaches: the digital certificate [Fig. 5, 4] contains the identifying 
information identifying each of a plurality of certificate-issuing resources in a certification 
path of the digital certificate [Fig. 5, 3, paragraph 0036, "Certificate chains generated 
by CA's in conventional systems typically comprise certificate chains like the 
certificate chain 40. For example, in the event the top-down model 30 is deployed 
in a conventional system....", paragraph 0037, a conventional certificate chain 
comprising a plurality of linked certificates is converted into a collapsed 
certificate. FIG. 5 depicts a conceptual representation of an exemplary collapsed 
certificate 50 issued by a CA in response to a request by a client. In one 
embodiment, the collapsed certificate 50 includes an indication 52 of the identity 
of a CA, an indication 54 of the identity of at least one ICA (i.e., the ICA's 54.1- 
54.N), and an indication 56 of the identity of a client", paragraph 0051]. 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the digital certificate of Benantar's invention by including the 
identification information as taught by Perlman because it would reduce bandwidth 
utilization and processing overhead associated with the processing of linked certificates 
[Perlman, paragraph 0021 lines 6-11]. 

As per claim 2 , the rejection of claim 1 is incorporated and Perlman teaches: 
the resource identifier is a hierarchical identifier specifying an identity of a 
trusted root resource, and an identity of a resource issuing the digital certificate [Fig. 3, 
5, paragraph 0029 "FIG. 3 depicts an exemplary Public Key Infrastructure (PKI) 
model 30, which may be deployed in the computer network 16 (see FIG. 1) to 
enable the discovery of public keys. Specifically, the PKI model 30 comprises a 
"top-down" hierarchical model that includes a single root CA 14.1, a plurality of 
Intermediate Certification Authorities (ICA's) 14.2-14.7", paragraph 0030 " In the 
top-down model 30, each of the clients 12.1-12.4 trusts the root CA 14.1.", 
paragraph 0037 "a conventional certificate chain comprising a plurality of linked 
certificates is converted into a collapsed certificate. FIG. 5 depicts a conceptual 
representation of an exemplary collapsed certificate 50 issued by a CA in 
response to a request by a client. In one embodiment, the collapsed certificate 50 
includes an indication 52 of the identity of a CA, an indication 54 of the identity of 
at least one ICA (i.e., the ICA's 54.1-54.N)"]. 
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As per claim 3 , the rejection of claim 1 is incorporated and Perlman teaches: 
the resource identifier further contains identifiers of certificate-issuing resources 
in a certification path between the trusted root resource and the resource issuing the 
digital certificate [Fig. 3, 5, paragraph 0029, paragraph 0037 "a conventional 
certificate chain comprising a plurality of linked certificates is converted into a 
collapsed certificate. FIG. 5 depicts a conceptual representation of an exemplary 
collapsed certificate 50 issued by a CA in response to a request by a client. In one 
embodiment, the collapsed certificate 50 includes an indication 52 of the identity 
of a CA, an indication 54 of the identity of at least one ICA (i.e., the ICA's 54.1- 
54.N)", paragraph 0050, 0051 "the root CA 14.1 may generate a collapsed 
certificate for the ICA 14.5 signed by the root CA 14.1 and including an indication 
of the identity of the ICA 14.4. Similarly, the ICA 14.4 may generate a collapsed 
certificate for the client 12.3 signed by the ICA 14.4 and including an indication of 
the identity of the ICA 14.5. Accordingly, consistent with the present invention, a 
collapsed certificate may be generated anywhere within a chain of linked 
certificates, in which two (2) or more linked certificates are collapsed to form a 
single certificate"]. 

As per claim 4 , the rejection of claim 1 is incorporated and Benantar teaches the 
digital certificate is for use in a computing system [Figs. 1, 3, 4]. Further, Perlman 
teaches the digital certificate is for use in a computing system, and the certification 
path leads to a trusted source for the computing system [Figs. 1-3, paragraph 0023 
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"The system 10 includes a plurality of entities. In this illustrative embodiment, 
such entities may comprise components in a computer network such as 
principals, clients, servers", paragraph 0024 "the system 10 includes a plurality 
of clients 12. 1-12. N, a plurality of Certification Authorities (CA's) 14.1-14.N, a 
Directory Server (DS) 18 operative to provide access to certificates issued by 
one or more of the CA's 14", paragraph 0029 "Public Key Infrastructure (PKI) 
model 30, which may be deployed in the computer network 16 (see FIG. 1) to 
enable the discovery of public keys. Specifically, the PKI model 30 comprises a 
"top-down" hierarchical model that includes a single root CA 14.1, a plurality of 
Intermediate Certification Authorities (ICA's) 14.2-14.7, and a plurality of clients 
12.1-12.4", paragraph 0030]. 

As per claim 5 , Benantar teaches: 

A method for generating a digital certificate with an authority identification field 
[Fig. 5, 500], comprising: signing the digital certificate [Fig. 5, 508]; inserting into the 
authority identification field a resource identifier that contains information identifying 
certificate-issuing resource [Fig. 506]. Benantar teaches the authority identification field, 
contains identifying information identifying each of a plurality of resources in a tree 
[paragraph 0032 lines 18-22, "The distinguished name (DN) of a subject or issuer 
is formed by concatenating a series of relative distinguished name (RDNs) 
corresponding to nodes in a tree known as a directory information tree (DIT)]. 
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Benantar doesn't explicitly mention identifying each of a plurality of certificate-issuing 
resources in the certification path of the digital certificate. 

However, Perlman teaches: the digital certificate [Fig. 5, 4] contains the identifying 
information identifying each of a plurality of certificate-issuing resources in a certification 
path of the digital certificate [Fig. 5, 3, paragraph 0036, "Certificate chains generated 
by CA's in conventional systems typically comprise certificate chains like the 
certificate chain 40. For example, in the event the top-down model 30 is deployed 
in a conventional system....", paragraph 0037, a conventional certificate chain 
comprising a plurality of linked certificates is converted into a collapsed 
certificate. FIG. 5 depicts a conceptual representation of an exemplary collapsed 
certificate 50 issued by a CA in response to a request by a client. In one 
embodiment, the collapsed certificate 50 includes an indication 52 of the identity 
of a CA, an indication 54 of the identity of at least one ICA (i.e., the ICA's 54.1- 
54.N), and an indication 56 of the identity of a client", paragraph 0051]. 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the digital certificate of Benantar's invention by including the 
identification information as taught by Perlman because it would reduce bandwidth 
utilization and processing overhead associated with the processing of linked certificates 
[Perlman, paragraph 0021 lines 6-11]. 

As per claim 6 , the rejection of claim 5 is incorporated and Perlman teaches: 



Application/Control Number: 10/573,859 Page 9 

Art Unit: 2435 

the resource identifier is a hierarchical identifier specifying an identity of a 
trusted root resource, and an identity of a resource issuing the digital certificate [Fig. 3, 
5, paragraph 0029 "FIG. 3 depicts an exemplary Public Key Infrastructure (PKI) 
model 30, which may be deployed in the computer network 16 (see FIG. 1) to 
enable the discovery of public keys. Specifically, the PKI model 30 comprises a 
"top-down" hierarchical model that includes a single root CA 14.1, a plurality of 
Intermediate Certification Authorities (ICA's) 14.2-14.7", paragraph 0030 " In the 
top-down model 30, each of the clients 12.1-12.4 trusts the root CA 14.1.", 
paragraph 0037 "a conventional certificate chain comprising a plurality of linked 
certificates is converted into a collapsed certificate. FIG. 5 depicts a conceptual 
representation of an exemplary collapsed certificate 50 issued by a CA in 
response to a request by a client. In one embodiment, the collapsed certificate 50 
includes an indication 52 of the identity of a CA, an indication 54 of the identity of 
at least one ICA (i.e., the ICA's 54.1-54.N)"]. 

As per claim 7 . the rejection of claim 5 is incorporated and Perlman teaches: 
the resource identifier further contains identifiers of certificate-issuing resources 
in a certification path between the trusted root resource and the resource issuing the 
digital certificate [Fig. 3, 5, paragraph 0029, paragraph 0037 "a conventional 
certificate chain comprising a plurality of linked certificates is converted into a 
collapsed certificate. FIG. 5 depicts a conceptual representation of an exemplary 
collapsed certificate 50 issued by a CA in response to a request by a client. In one 
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embodiment, the collapsed certificate 50 includes an indication 52 of the identity 
of a CA, an indication 54 of the identity of at least one ICA (i.e., the ICA's 54.1- 
54.N)", paragraph 0050, 0051 "the root CA 14.1 may generate a collapsed 
certificate for the ICA 14.5 signed by the root CA 14.1 and including an indication 
of the identity of the ICA 14.4. Similarly, the ICA 14.4 may generate a collapsed 
certificate for the client 12.3 signed by the ICA 14.4 and including an indication of 
the identity of the ICA 14.5. Accordingly, consistent with the present invention, a 
collapsed certificate may be generated anywhere within a chain of linked 
certificates, in which two (2) or more linked certificates are collapsed to form a 
single certificate"]. 

As per claim 8 , the rejection of claim 5 is incorporated and Benantar teaches the 
digital certificate is for use in a computing system [Figs. 1, 3, 4]. Further, Perlman 
teaches the digital certificate is for use in a computing system, and the certification 
path leads to a trusted source for the computing system [Figs. 1-3, paragraph 0023 
"The system 10 includes a plurality of entities. In this illustrative embodiment, 
such entities may comprise components in a computer network such as 
principals, clients, servers", paragraph 0024 "the system 10 includes a plurality 
of clients 12. 1-12. N, a plurality of Certification Authorities (CA's) 14.1-14.N, a 
Directory Server (DS) 18 operative to provide access to certificates issued by 
one or more of the CA's 14", paragraph 0029 "Public Key Infrastructure (PKI) 
model 30, which may be deployed in the computer network 16 (see FIG. 1) to 
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enable the discovery of public keys. Specifically, the PKI model 30 comprises a 
"top-down" hierarchical model that includes a single root CA 14.1, a plurality of 
Intermediate Certification Authorities (ICA's) 14.2-14.7, and a plurality of clients 
12.1-12.4", paragraph 0030]. 

As per claim 9 , it encompasses limitations that are similar to limitations of claim 
5. Thus, it is rejected with the same rationale applied against claim 5 above. 

As per claim 10 , the rejection of claim 9 is incorporated and it encompasses 
limitations that are similar to limitations of claim 6. Thus, it is rejected with the same 
rationale applied against claim 6 above. 

As per claim 11 , the rejection of claim 9 is incorporated and it encompasses 
limitations that are similar to limitations of claim 7. Thus, it is rejected with the same 
rationale applied against claim 7 above. 

As per claim 12 , the rejection of claim 9 is incorporated and it encompasses 
limitations that are similar to limitations of claim 8. Thus, it is rejected with the same 
rationale applied against claim 8 above. 



As per claim 13 , Benantar teaches: 
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a digital certificate having an authority identification field [Fig. 5, 500], containing 
a resource identifier that contains information identifying certificate-issuing resource 
[Fig. 506]. Benantar teaches the authority identification field, contains identifying 
information identifying each of a plurality of resources in a tree [paragraph 0032 lines 
18-22, "The distinguished name (DN) of a subject or issuer is formed by 
concatenating a series of relative distinguished name (RDNs) corresponding to 
nodes in a tree known as a directory information tree (DIT)]; identifying the 
certificate-issuing resource that issued the digital certificate based on the resource 
identifier in the authority identification field of the digital certificate [Fig. 5, 506, 
paragraph 0032 lines 11-18 "the issuer's distinguished name 506, and the issuer's 
signature 508"]; querying the certificate-issuing resource to determine status of the 
certificate [Fig. 3, step 316]. Benantar doesn't explicitly mention identifying each of a 
plurality of certificate-issuing resources in the certification path of the digital certificate 
and determine if the digital certificate has been revoked. 

However, Perlman teaches: the digital certificate [Fig. 5, 4] contains the identifying 
information identifying each of a plurality of certificate-issuing resources in a certification 
path of the digital certificate [Fig. 5, 3, paragraph 0036, "Certificate chains generated 
by CA's in conventional systems typically comprise certificate chains like the 
certificate chain 40. For example, in the event the top-down model 30 is deployed 
in a conventional system....", paragraph 0037, a conventional certificate chain 
comprising a plurality of linked certificates is converted into a collapsed 
certificate. FIG. 5 depicts a conceptual representation of an exemplary collapsed 
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certificate 50 issued by a CA in response to a request by a client. In one 
embodiment, the collapsed certificate 50 includes an indication 52 of the identity 
of a CA, an indication 54 of the identity of at least one ICA (i.e., the ICA's 54.1- 
54.N), and an indication 56 of the identity of a client", paragraph 0051]; 
determining if the digital certificate has been revoked [paragraph 0044 "CA's or 
clients may determine whether the certificate of any ICA in the chain has been 
revoked by testing the names of the ICA's included in the collapsed certificate 
against names included in a CRI — "]. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the digital certificate of Benantar's invention by including the 
identification information as taught by Perlman because it would reduce bandwidth 
utilization and processing overhead associated with the processing of linked certificates 
[Perlman, paragraph 0021 lines 6-11]. 

As per claim 14 , the rejection of claim 13 is incorporated and it encompasses 
limitations that are similar to limitations of claim 6. Thus, it is rejected with the same 
rationale applied against claim 6 above. 

As per claim 15 , the rejection of claim 13 is incorporated and it encompasses 
limitations that are similar to limitations of claim 7. Thus, it is rejected with the same 
rationale applied against claim 7 above. 
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As per claim 16 , the rejection of claim 13 is incorporated and it encompasses 
limitations that are similar to limitations of claim 8. Thus, it is rejected with the same 
rationale applied against claim 8 above. 

As per claim 17 , the rejection of claim 3 is incorporated and Benantar teaches 
the resource identifier is a single identifier [Fig. 5 filed 506] that identifies the trusted 
root resource and the identity of the resource issuing the digital certificate [paragraph 
0032 lines 18-22, "The distinguished name (DN) of a subject or issuer is formed 
by concatenating a series of relative distinguished names (RDNs) corresponding 
to nodes in a tree known as a directory information tree (DIT)]. 

As per claim 18 , the rejection of claim 6 is incorporated and it encompasses 
limitations that are similar to limitations of claim 17. Thus, it is rejected with the same 
rationale applied against claim 17 above. 

As per claim 19 , the rejection of claim 10 is incorporated and it encompasses 
limitations that are similar to limitations of claim 17. Thus, it is rejected with the same 
rationale applied against claim 17 above. 



As per claim 20 . the rejection of claim 14 is 
limitations that are similar to limitations of claim 17. 
rationale applied against claim 17 above. 



incorporated and it encompasses 
Thus, it is rejected with the same 
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Response to Argument 



4. Applicant's arguments filed Jan. 05, 2009 have been fully considered but they 
are not persuasive. 

Regarding to claim rejection under 35 U.S.C. § 101, Applicant has amended 
claim 1 to "A digital certificate recorded on a computer readable medium comprises ..." 
to correct the 35 U.S.C. 101 issue. However, the newly amended claim has not 
overcome such deficiency, since Claim 1 recites limitation that is merely arrangement of 
data and therefore the arrangement of data is nonfunctional descriptive material per se. 
When nonfunctional descriptive material is recorded on some computer-readable 
medium, it is not statutory since no requisite functionality is present to satisfy the 
practical application requirement. See MPEP § 2106.01. Therefore, claim 1 recites non- 
statutory subject matter. 

Regarding to claim rejection under 35 U.S.C. § 103, Examiner maintains, since 
Benantar's invention relates to create a digital certificate for a subject, which includes 
the subject's distinguished name (502), the subject's public key (504), the issuer's 
distinguished name (506) and the issuer's signature (508) as shown in Fig. 5. The 
distinguished name of subject or issuer is formed by concatenating a series of relative 
distinguished names corresponding to nodes in a tree known as a directory information 
tree [paragraph 0032]. Thus, the distinguished name CN=John Doe, OU=Research, 
Q=Widgets.com, C=US is the concatenation (beginning from the root of the tree) of the 
RDNs. Therefore, Benantar teaches the common name filed, containing a resource 
identifier, in which that resource identifier, is a single identifier, contains information 



Application/Control Number: 10/573,859 Page 16 

Art Unit: 2435 

identifying each of a plurality of resources (i.e. plurality of nodes in a tree). Further, 
Perlman teaches certificate chain comprises a plurality of linked certificates issued by a 
corresponding plurality of entities in a top-down hierarchical model as shown in Fig. 3 
(i.e. plurality of nodes in a tree). The plurality of linked certificates in the certificate 
chain is converted into a collapsed certificate that includes the identifier information 
associated with the target entity, identification of at least one intermediate entity. 
Therefore, the combination of Benantar and Perlman teaches the claim limitation "the 
common name filed, containing a resource identifier, in which that resource identifier 
contains information identifying each of a plurality of certificate-issuing resources in a 
certification path of the digital certificate. Furthermore, the examiner recognizes that 
obviousness can also be established by combining or modifying the teaching of the 
prior art to produce the claimed invention where there is some teaching, suggestion, or 
motivation to do so found either in the references themselves or in the knowledge 
generally available to on of ordinary skill in the art. See In re Fine, 837 F. 2d 1071, 5 
USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 USPQ 2 nd 1941 
(Fed. Cir 1992). In this case, the combination of Benantar and Perlman teaches the 
claimed subject matter and the combination is sufficient to incorporate the teaching of 
Perlman into the teaching of Benantar to contain information identifying each of a 
plurality of certificate-issuing resources in a certification path of the digital certificate. 
The modification would be obvious because one of ordinary skill in the art would be 
motivated to reduce certificate processing overhead and reduce bandwidth utilization 
within a network. 
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Specification's amendment filed on Jan. 05, 2009 has been entered. Therefore, 
the Specification objection has been withdrawn. 



Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Duane et al (US 7461250) - System and method for certificate exchange 

Grimmer (US 5774552) - Method and apparatus for retrieving X.509 certificates from an 

X.500 directory 

Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Nirav Patel whose telephone number is 571-272- 
5936. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone numbers for 
the organization where this application or proceeding is assigned is 571-273-8300. Any 
inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 571-272-2100. 

/N.p./ 

Examiner, Art Unit 2435 

/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



